Doctoral Thesis: Towards Deployable Robust Text Classifiers

Wednesday, August 31
12:30 pm - 2:00 pm


Lei Xu


Classification has been studied for decades as a fundamental task in natural language processing. In this dissertation, we aim to develop more deployable and robust text classifiers, with a main focus on improving classifier robustness against adversarial attacks by developing both attack and defense approaches. Adversarial attacks are a security concern for text classifiers in which a malicious user can take a sentence and perturb it slightly to manipulate the classifier’s output. To design better attack methods, we focus on improving adversarial sentence quality and reducing computation. We propose two attacks, namely (1) rewrite and rollback attack and (2) single-word adversarial perturbation attack. To defend against these attacks, we propose two methods, (1) single-word adversarial perturbation data augmentation in training, and (2) an in situ data augmentation during inference. Finally, we explore the vulnerability of a very recent text classification architecture — prompt-based classifiers, and find them to be vulnerable to attacks as well. We also develop a library called Fibber to facilitate adversarial robustness research.


  • Date: Wednesday, August 31
  • Time: 12:30 pm - 2:00 pm
  • Category:
  • Location: 32-G882
Additional Location Details:

Thesis Supervisor: Dr. Kalyan Veeramachaneni

To attend via zoom, please contact the doctoral candidate at